<?php
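    // Page bootstrap: session, clickjacking header, DB connection, login check, CSRF helpers.
    session_start();
    header('X-Frame-Options: DENY');
    // Fail closed: without conn.php there is no $con and without verify_user.php there is
    // no $cur_user, so a missing file must abort the page instead of emitting a warning
    // and continuing with undefined globals (include would do exactly that).
    // NOTE(review): the <head> below loads jQuery over plain http; serve it via https or locally.
    require 'conn.php';
    require 'verify_user.php';
    require 'anti_csrf.php';

    // Every query on this page is keyed on $cur_user (presumably set by verify_user.php),
    // so the optional id parameter is only a consistency check: when present it must name
    // the logged-in user. Strict string comparison avoids loose-equality surprises with
    // numeric-looking ids, and a non-string value (e.g. ?id[]=x) is rejected outright.
    $requested_id = isset($_GET['id']) ? $_GET['id'] : null;
    if ($requested_id !== null && (!is_string($requested_id) || $requested_id !== (string) $cur_user)) {
        die("<a href='/'>Have no right to access!</a>");
    }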
?>


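<html lang="en">
<head>
    <title>TechBay | Manage Account</title>
    <link href="../css/techbey.css" rel="stylesheet" type="text/css">
    <!-- Load the CDN script over https: a plain-http script tag lets anyone on the network
         path substitute the script, and browsers block it as mixed content on an https page.
         jQuery 1.4.0 is a very old release; consider upgrading or vendoring it under ../js/. -->
    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js"></script>
    <script type="text/javascript" src="../js/account.js"></script>
</head>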
<body>
    <script>if (top != self) { top.location = self.location; }</script>
    <div id="headerBar">
        <div class="container">
            <div class="left">
                <a href="/"><h1 title="logo" id="Logo">T<span id="ech">ech</span>BAY</h1></a>
            </div>
            <div class="account_relative">
                <ul>
                    <li>
                        <div class="signoutBar">
                            <a id="signout" class='btn' href="signout.php">Logout</a>
                        </div>
                    </li>
                    <li>
                        <div class="myaccountBar">
                            <?php
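                                // $cur_user is placed inside a URL inside an attribute: encode it as a
                                // query value first, then escape the whole href for the attribute context,
                                // so a username containing quotes, '&' or '#' cannot break out of the tag.
                                // NOTE: id="signout" duplicates the Logout link's id above; kept as-is
                                // because ../js/account.js or the stylesheet may rely on it.
                                $account_url = 'account.php?id=' . rawurlencode((string) $cur_user);
                                echo '<a id="signout" class="btn" href="' . htmlspecialchars($account_url, ENT_QUOTES, 'UTF-8') . '">My Account</a>';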
                            ?>
                        </div>
                    </li>
                </ul>
            </div>
        </div>
    </div>
    <div  id="wrapper">
        <div class="left" id="left_navigation">
            <table class="lNaviBar">
                <tr>
                    <td>
                        <a id="ShopsBtn" class="lnavbtn" href="/">Shops</a>
                    </td>
                </tr>
                <tr>
                    <td>
                        <a id="RecentLoginBtn" class="lnavbtn" href="/">Recent Logins</a>
                    </td>
                </tr>
                <tr>
                    <td>
                        <a id="RecentActBtn" class="lnavbtn" href="/">Recent Activities</a>
                    </td>
                </tr>
            </table>
        </div>
        <div id="main">
            <div class="container">
                <div id="shops">
                    <table class="mainTable">
                        <?php
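                            // Page number comes from the query string. Accept only a plain positive
                            // integer: is_string rejects ?page[]=, the D modifier stops "1\n" from
                            // matching, the length bound keeps the offset arithmetic inside int range,
                            // and page 0 (which used to produce a negative LIMIT and a DB error) is refused.
                            $per_page = 16;
                            $page_param = isset($_GET['page']) ? $_GET['page'] : null;
                            if ($page_param === null) {
                                $cur_page = 1;
                            } else {
                                if (!is_string($page_param) || !preg_match('/^\d{1,9}$/D', $page_param) || (int) $page_param < 1) {
                                    die('Invalid page number!');
                                }
                                $cur_page = (int) $page_param;
                            }

                            $start_entry = ($cur_page - 1) * $per_page;

                            // Deterministic pagination with ORDER BY + OFFSET. The previous
                            // "NOT IN (SELECT ... LIMIT n)" subquery had no ordering, so rows could
                            // be repeated or skipped between pages. $start_entry is never negative
                            // because $cur_page >= 1 is enforced above.
                            $query = 'SELECT * FROM shops WHERE shop_owner=$1 ORDER BY shop_name LIMIT $2 OFFSET $3';
                            pg_prepare($con, 'prepare7', $query) or die("Could not prepare statement7");
                            $rs = pg_execute($con, 'prepare7', array($cur_user, $per_page, $start_entry)) or die("Could not execute query");

                            // Shop names are entered by users through the create-shop form on this
                            // page, so each one is escaped both as a URL parameter and as HTML text.
                            // The row also ends with </tr> now (the original emitted a second <tr>).
                            $owner_param = rawurlencode((string) $cur_user);
                            while ($row = pg_fetch_assoc($rs)) {
                                $shop_name = (string) $row['shop_name'];
                                $shop_url = 'shop.php?id=' . $owner_param . '&shop=' . rawurlencode($shop_name);
                                echo '<tr><td><a class="shop_name" href="' . htmlspecialchars($shop_url, ENT_QUOTES, 'UTF-8') . '">'
                                    . htmlspecialchars($shop_name, ENT_QUOTES, 'UTF-8')
                                    . '</a></td><td></td><td></td></tr>';
                            }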
                        ?>
                        <tr>
                            <td></td>
                            <td></td>
                            <td><a id="openShopBtn" class="mainbtn" href="/">Open A Shop</a></td>
                        </tr>
                    </table>
                    <div class="page_list">
                        <?php
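                            // Size the pager from the owner's shop count. COUNT(*) replaces fetching
                            // every row just to count it, and prepare/execute failures are checked
                            // like the other queries on this page instead of feeding false to pg_num_rows.
                            $per_page = 16;
                            pg_prepare($con, 'page_list_query', 'SELECT COUNT(*) FROM shops WHERE shop_owner=$1') or die("Could not prepare statement");
                            $rs = pg_execute($con, 'page_list_query', array($cur_user)) or die("Could not execute query");
                            $row_num = (int) pg_fetch_result($rs, 0, 0);
                            // Always at least one page, so an owner with no shops sees "1/1" rather than "1/0".
                            $max_page = max(1, (int) ceil($row_num / $per_page));

                            // $cur_page is set by the shop listing above; normalise to int in case it
                            // is still the raw (digit-only) query-string value.
                            $page = (int) $cur_page;
                            $hide_previous = ($page <= 1) ? 'class="hidden" ' : '';
                            $hide_next = ($page >= $max_page) ? 'class="hidden" ' : '';

                            $previous_page = $page - 1;
                            $next_page = $page + 1;

                            // $cur_user ends up in a URL inside an href: encode it as a query value,
                            // then escape the complete URL for the attribute context.
                            $owner_param = rawurlencode((string) $cur_user);
                            $previous_url = htmlspecialchars('account.php?page=' . $previous_page . '&id=' . $owner_param, ENT_QUOTES, 'UTF-8');
                            $next_url = htmlspecialchars('account.php?page=' . $next_page . '&id=' . $owner_param, ENT_QUOTES, 'UTF-8');

                            echo '<table class="page_relative">';
                            echo '<tr><td><a id="padding"> </a></td><td></td><td><a id="padding"> </a></td></tr>';
                            echo '<tr><td><a href="' . $previous_url . '" id="index_previous" ' . $hide_previous . '>previous</a></td>'
                                . '<td><a id="index_page">' . $page . '/' . $max_page . '</a></td>'
                                . '<td><a href="' . $next_url . '" id="index_next" ' . $hide_next . '>next</a></td></tr>';
                            echo '</table>';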
                        ?>
                    </div>
                </div>
                <div id="newshop">
                    <div class="container">
                        <form id="newShopForm" class="mainForm" method="post" action="create_shop.php">
                            <?php
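                                // Per-render CSRF field name plus the token anti_csrf.php derives for it;
                                // the receiving script (create_shop.php, per the form action) is expected
                                // to validate the pair. Both values are escaped before being placed in
                                // attributes so the helper's output format cannot break the markup.
                                $name = "CSRFGuard_" . mt_rand(0, mt_getrandmax());
                                $token = csrfguard_generate_token($name);
                                echo '<input type="hidden" name="CSRFName" value="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" />';
                                echo '<input type="hidden" name="CSRFToken" value="' . htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8') . '" />';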
                            ?>
                            <table>
                                <tr>
                                    <td><a class="textInNewShopForm">Shop Name:</a></td>
                                    <td>
                                        <input id="newshop_shopname" type="text" name="newshop_shopname">
                                    </td>
                                </tr>
                                <tr>
                                    <td><a class="textInNewShopForm">Shop Category:</a></td>
                                    <td>
                                        <select id="newshop_category" name="newshop_category">
                                            <option>Home</option>
                                            <option>Electronics</option>
                                            <option>Clothing</option>
                                            <option>Shoes</option>
                                        </select>
                                    </td>
                                </tr>   
                                <tr>
                                    <td><a class="textInNewShopForm">Shop Description:</a></td>
                                    <td>
                                        <input id="newshop_desc" name="newshop_desc">
                                    </td>
                                </tr>
                                <tr>
                                    <td><a class="textInNewShopForm">Delivery Methods:</a></td>
                                    <td>
                                        <input id="newshop_delivery" type="text" name="newshop_delivery">
                                    </td>
                                </tr>
                                <?php
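                                    // Owner field posted with the form. It is client-controlled like any
                                    // other form field, so create_shop.php must take the owner from the
                                    // session rather than trusting this value — confirm on the receiving
                                    // side. type="hidden" hides it without relying on CSS, the value is
                                    // attribute-escaped, and the input sits inside a cell so the table
                                    // markup stays valid (an <input> directly inside <tr> is not).
                                    echo '<tr><td colspan="2"><input type="hidden" value="' . htmlspecialchars((string) $cur_user, ENT_QUOTES, 'UTF-8') . '" name="newshop_shopowner"></td></tr>';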
                                ?>
                                <tr>
                                    <td></td>
                                    <td>
                                        <input type="submit" class="right" value="Create Shop">
                                    </td>
                                </tr>
                            </table>
                        </form>
                    </div>
                </div>
                <div id="recentlogin">
                    <?php
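                        // Last 20 login records for the current user. The ip/country/state/city
                        // values were recorded at login time by other code and are not under this
                        // page's control, so every cell is HTML-escaped before output.
                        $query = 'SELECT * FROM login_records WHERE username=$1 ORDER BY id DESC LIMIT 20';
                        pg_prepare($con, 'prepare10', $query) or die("Could not prepare statement");
                        $rs = pg_execute($con, 'prepare10', array($cur_user)) or die("Cannot execute query");

                        $login_columns = array('date', 'ip', 'country', 'state', 'city');
                        echo "<table class='mainTable'>";
                        while ($row = pg_fetch_assoc($rs)) {
                            echo "<tr>";
                            foreach ($login_columns as $column) {
                                // NULL columns render as empty cells instead of being passed to htmlspecialchars.
                                $cell = isset($row[$column]) ? (string) $row[$column] : '';
                                echo "<td>" . htmlspecialchars($cell, ENT_QUOTES, 'UTF-8') . "</td>";
                            }
                            echo "</tr>";
                        }
                        echo "</table>";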
                    ?>
                </div>
                <div id="recentact">
                    <?php
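                        // Last 20 activity log entries for the current user. The 'object' column
                        // plausibly holds user-chosen names (shop names are entered through the
                        // form above), so every cell is HTML-escaped before output.
                        // pg_close() at the end means this must remain the last block using $con.
                        $query = 'SELECT * FROM log WHERE username=$1 ORDER BY id DESC LIMIT 20';
                        pg_prepare($con, 'prepare11', $query) or die("Could not prepare statement");
                        $rs = pg_execute($con, 'prepare11', array($cur_user)) or die("Cannot execute query");

                        $log_columns = array('time', 'operation', 'object');
                        echo "<table class='mainTable'>";
                        while ($row = pg_fetch_assoc($rs)) {
                            echo "<tr>";
                            foreach ($log_columns as $column) {
                                // NULL columns render as empty cells instead of being passed to htmlspecialchars.
                                $cell = isset($row[$column]) ? (string) $row[$column] : '';
                                echo "<td>" . htmlspecialchars($cell, ENT_QUOTES, 'UTF-8') . "</td>";
                            }
                            echo "</tr>";
                        }
                        echo "</table>";
                        pg_close($con);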
                    ?>
                </div>
            </div>
        </div>
        <div class="right" id="right_navigation">
            
        </div>
    </div>
    <div id="footerBar">
        <div class="container">
            <p class="textInFooter">Jie Dong & Fang Yang 2012</p>
        </div>  
    </div>
</body>
</html>
